[ ok ] Starting enhanced syslogd: rsyslogd.
[ 77.573859][ T32] audit: type=1800 audit(1569142396.629:25): pid=11552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.597106][ T32] audit: type=1800 audit(1569142396.649:26): pid=11552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.634171][ T32] audit: type=1800 audit(1569142396.669:27): pid=11552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
2019/09/22 08:53:28 fuzzer started
2019/09/22 08:53:33 dialing manager at 10.128.0.26:42045
2019/09/22 08:53:33 syscalls: 2382
2019/09/22 08:53:33 code coverage: enabled
2019/09/22 08:53:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/22 08:53:33 extra coverage: enabled
2019/09/22 08:53:33 setuid sandbox: enabled
2019/09/22 08:53:33 namespace sandbox: enabled
2019/09/22 08:53:33 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/22 08:53:33 fault injection: enabled
2019/09/22 08:53:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/22 08:53:33 net packet injection: enabled
2019/09/22 08:53:33 net device setup: enabled
syzkaller login: [ 160.330886][T11703] ==================================================================
[ 160.339216][T11703] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70
[ 160.346450][T11703] CPU: 1 PID: 11703 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[ 160.353993][T11703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 160.364316][T11703] Call Trace:
[ 160.367635][T11703] dump_stack+0x191/0x1f0
[ 160.371958][T11703] kmsan_report+0x162/0x2d0
[ 160.376550][T11703] __msan_warning+0x75/0xe0
[ 160.381250][T11703] kmem_cache_free+0x3df/0x2b70
[ 160.386087][T11703] ? kmsan_set_origin+0x6a/0xf0
[ 160.390922][T11703] ? kfree_skb+0x473/0x4c0
[ 160.395391][T11703] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 160.402493][T11703] kfree_skb+0x473/0x4c0
[ 160.406727][T11703] ? packet_rcv_spkt+0x719/0x840
[ 160.411666][T11703] packet_rcv_spkt+0x719/0x840
[ 160.416414][T11703] ? packet_rcv+0x2190/0x2190
[ 160.421067][T11703] dev_queue_xmit_nit+0x1125/0x1200
[ 160.426391][T11703] dev_hard_start_xmit+0x21e/0xab0
[ 160.431495][T11703] sch_direct_xmit+0x56c/0x18c0
[ 160.436436][T11703] ? kmsan_set_origin+0x6a/0xf0
[ 160.441286][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.447179][T11703] __dev_queue_xmit+0x1e53/0x4270
[ 160.452299][T11703] dev_queue_xmit+0x4b/0x60
[ 160.456785][T11703] ip_finish_output2+0x20c6/0x25d0
[ 160.461900][T11703] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 160.467958][T11703] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 160.473931][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.480034][T11703] __ip_finish_output+0xaf8/0xda0
[ 160.485061][T11703] ip_finish_output+0x2db/0x420
[ 160.489913][T11703] ip_output+0x541/0x610
[ 160.494167][T11703] ? ip_mc_finish_output+0x6d0/0x6d0
[ 160.499526][T11703] ? ip_finish_output+0x420/0x420
[ 160.504557][T11703] __ip_queue_xmit+0x1caf/0x21f0
[ 160.509502][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.515383][T11703] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 160.521658][T11703] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 160.527979][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.533883][T11703] ip_queue_xmit+0xcc/0xf0
[ 160.538319][T11703] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 160.543940][T11703] __tcp_transmit_skb+0x409e/0x5c60
[ 160.549241][T11703] __tcp_send_ack+0x701/0x840
[ 160.553924][T11703] tcp_send_ack+0x68/0x90
[ 160.558237][T11703] tcp_cleanup_rbuf+0x764/0x800
[ 160.563088][T11703] tcp_recvmsg+0x334d/0x4ff0
[ 160.567686][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.573643][T11703] ? inet_recvmsg+0xc3/0x7d0
[ 160.578298][T11703] ? tcp_mmap+0x150/0x150
[ 160.582605][T11703] ? tcp_mmap+0x150/0x150
[ 160.586912][T11703] inet_recvmsg+0x237/0x7d0
[ 160.592594][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 160.597375][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.603314][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 160.608060][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 160.612807][T11703] sock_read_iter+0x5be/0x660
[ 160.617473][T11703] ? kernel_sock_ip_overhead+0x340/0x340
[ 160.623087][T11703] __vfs_read+0xa67/0xc90
[ 160.627424][T11703] vfs_read+0x359/0x6f0
[ 160.631650][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 160.637522][T11703] ksys_read+0x265/0x430
[ 160.641751][T11703] __se_sys_read+0x92/0xb0
[ 160.646153][T11703] __x64_sys_read+0x4a/0x70
[ 160.650725][T11703] do_syscall_64+0xbc/0xf0
[ 160.655129][T11703] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 160.660998][T11703] RIP: 0033:0x47fd44
[ 160.664896][T11703] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 160.685869][T11703] RSP: 002b:000000c420361760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 160.694294][T11703] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 160.702277][T11703] RDX: 0000000000001000 RSI: 000000c4202c0000 RDI: 0000000000000003
[ 160.710250][T11703] RBP: 000000c4203617b0 R08: 0000000000000000 R09: 0000000000000000
[ 160.721508][T11703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 160.729483][T11703] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff
[ 160.737531][T11703]
[ 160.739842][T11703] Uninit was stored to memory at:
[ 160.744953][T11703] kmsan_internal_chain_origin+0xcc/0x150
[ 160.750654][T11703] __msan_chain_origin+0x6b/0xe0
[ 160.755579][T11703] ___slab_alloc+0x1dbc/0x1fb0
[ 160.760322][T11703] kmem_cache_alloc+0xade/0xd10
[ 160.765148][T11703] skb_clone+0x326/0x5d0
[ 160.769369][T11703] dev_queue_xmit_nit+0x539/0x1200
[ 160.774493][T11703] dev_hard_start_xmit+0x21e/0xab0
[ 160.779583][T11703] sch_direct_xmit+0x56c/0x18c0
[ 160.784496][T11703] __dev_queue_xmit+0x1e53/0x4270
[ 160.789507][T11703] dev_queue_xmit+0x4b/0x60
[ 160.793989][T11703] ip_finish_output2+0x20c6/0x25d0
[ 160.799076][T11703] __ip_finish_output+0xaf8/0xda0
[ 160.804080][T11703] ip_finish_output+0x2db/0x420
[ 160.809007][T11703] ip_output+0x541/0x610
[ 160.813238][T11703] __ip_queue_xmit+0x1caf/0x21f0
[ 160.818193][T11703] ip_queue_xmit+0xcc/0xf0
[ 160.822694][T11703] __tcp_transmit_skb+0x409e/0x5c60
[ 160.827962][T11703] __tcp_send_ack+0x701/0x840
[ 160.832726][T11703] tcp_send_ack+0x68/0x90
[ 160.837044][T11703] tcp_cleanup_rbuf+0x764/0x800
[ 160.841897][T11703] tcp_recvmsg+0x334d/0x4ff0
[ 160.846468][T11703] inet_recvmsg+0x237/0x7d0
[ 160.850948][T11703] sock_read_iter+0x5be/0x660
[ 160.855747][T11703] __vfs_read+0xa67/0xc90
[ 160.860092][T11703] vfs_read+0x359/0x6f0
[ 160.864226][T11703] ksys_read+0x265/0x430
[ 160.868803][T11703] __se_sys_read+0x92/0xb0
[ 160.873198][T11703] __x64_sys_read+0x4a/0x70
[ 160.877682][T11703] do_syscall_64+0xbc/0xf0
[ 160.882175][T11703] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 160.888047][T11703]
[ 160.890374][T11703] Uninit was created at:
[ 160.895299][T11703] kmsan_internal_poison_shadow+0x58/0xb0
[ 160.900996][T11703] kmsan_slab_free+0x8d/0x100
[ 160.905826][T11703] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 160.911173][T11703] __kfree_skb_flush+0xb0/0x100
[ 160.915999][T11703] net_rx_action+0x1908/0x1950
[ 160.921096][T11703] __do_softirq+0x4a1/0x83a
[ 160.925779][T11703] irq_exit+0x230/0x280
[ 160.930097][T11703] do_IRQ+0x20d/0x3a0
[ 160.934062][T11703] ret_from_intr+0x0/0x33
[ 160.938465][T11703] finish_lock_switch+0x2b/0x40
[ 160.943294][T11703] finish_task_switch+0xfa/0x2d0
[ 160.948206][T11703] __schedule+0x646/0x780
[ 160.952516][T11703] schedule+0x19b/0x2d0
[ 160.956785][T11703] prepare_exit_to_usermode+0x222/0x4d0
[ 160.962565][T11703] swapgs_restore_regs_and_return_to_usermode+0x0/0x39
[ 160.969560][T11703] ==================================================================
[ 160.977616][T11703] Disabling lock debugging due to kernel taint
[ 160.983755][T11703] Kernel panic - not syncing: panic_on_warn set ...
[ 160.990338][T11703] CPU: 1 PID: 11703 Comm: syz-fuzzer Tainted: G B 5.3.0-rc7+ #0
[ 160.999245][T11703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 161.009293][T11703] Call Trace:
[ 161.012591][T11703] dump_stack+0x191/0x1f0
[ 161.016914][T11703] panic+0x3c9/0xc1e
[ 161.020811][T11703] kmsan_report+0x2ca/0x2d0
[ 161.025321][T11703] __msan_warning+0x75/0xe0
[ 161.029819][T11703] kmem_cache_free+0x3df/0x2b70
[ 161.034651][T11703] ? kmsan_set_origin+0x6a/0xf0
[ 161.039482][T11703] ? kfree_skb+0x473/0x4c0
[ 161.043907][T11703] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 161.049966][T11703] kfree_skb+0x473/0x4c0
[ 161.054204][T11703] ? packet_rcv_spkt+0x719/0x840
[ 161.059386][T11703] packet_rcv_spkt+0x719/0x840
[ 161.064231][T11703] ? packet_rcv+0x2190/0x2190
[ 161.068895][T11703] dev_queue_xmit_nit+0x1125/0x1200
[ 161.074088][T11703] dev_hard_start_xmit+0x21e/0xab0
[ 161.079207][T11703] sch_direct_xmit+0x56c/0x18c0
[ 161.084482][T11703] ? kmsan_set_origin+0x6a/0xf0
[ 161.089339][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.095235][T11703] __dev_queue_xmit+0x1e53/0x4270
[ 161.100270][T11703] dev_queue_xmit+0x4b/0x60
[ 161.104765][T11703] ip_finish_output2+0x20c6/0x25d0
[ 161.109862][T11703] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 161.116263][T11703] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 161.122228][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.128198][T11703] __ip_finish_output+0xaf8/0xda0
[ 161.133213][T11703] ip_finish_output+0x2db/0x420
[ 161.138050][T11703] ip_output+0x541/0x610
[ 161.142277][T11703] ? ip_mc_finish_output+0x6d0/0x6d0
[ 161.147572][T11703] ? ip_finish_output+0x420/0x420
[ 161.152625][T11703] __ip_queue_xmit+0x1caf/0x21f0
[ 161.157560][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.163631][T11703] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 161.169682][T11703] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 161.175748][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.181635][T11703] ip_queue_xmit+0xcc/0xf0
[ 161.186388][T11703] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 161.192071][T11703] __tcp_transmit_skb+0x409e/0x5c60
[ 161.197296][T11703] __tcp_send_ack+0x701/0x840
[ 161.201970][T11703] tcp_send_ack+0x68/0x90
[ 161.206291][T11703] tcp_cleanup_rbuf+0x764/0x800
[ 161.211148][T11703] tcp_recvmsg+0x334d/0x4ff0
[ 161.215745][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.221687][T11703] ? inet_recvmsg+0xc3/0x7d0
[ 161.226452][T11703] ? tcp_mmap+0x150/0x150
[ 161.230873][T11703] ? tcp_mmap+0x150/0x150
[ 161.235188][T11703] inet_recvmsg+0x237/0x7d0
[ 161.239787][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 161.244677][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.250696][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 161.255517][T11703] ? inet_sendpage+0x2c0/0x2c0
[ 161.260587][T11703] sock_read_iter+0x5be/0x660
[ 161.265447][T11703] ? kernel_sock_ip_overhead+0x340/0x340
[ 161.271064][T11703] __vfs_read+0xa67/0xc90
[ 161.275422][T11703] vfs_read+0x359/0x6f0
[ 161.280173][T11703] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 161.286174][T11703] ksys_read+0x265/0x430
[ 161.290418][T11703] __se_sys_read+0x92/0xb0
[ 161.294847][T11703] __x64_sys_read+0x4a/0x70
[ 161.299435][T11703] do_syscall_64+0xbc/0xf0
[ 161.304012][T11703] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 161.309908][T11703] RIP: 0033:0x47fd44
[ 161.313802][T11703] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 161.333401][T11703] RSP: 002b:000000c420361760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 161.341970][T11703] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 161.349921][T11703] RDX: 0000000000001000 RSI: 000000c4202c0000 RDI: 0000000000000003
[ 161.357871][T11703] RBP: 000000c4203617b0 R08: 0000000000000000 R09: 0000000000000000
[ 161.366299][T11703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 161.374265][T11703] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff
[ 161.383132][T11703] Kernel Offset: disabled
[ 161.387588][T11703] Rebooting in 86400 seconds..